Asset Details > Understanding technical assets > Data classifications
  

Data classifications

Data classification is the process of identifying and organizing data into relevant categories based on the functional meaning of data. Classifying data can help your organization manage risks, compliance, and data security.
In Metadata Command Center, enable the data classification capability on a catalog source and create data classification rules to identify and classify data into relevant categories. For example, you can create data classification rules to identify and tag sensitive information such as credit card numbers or customer addresses contained in columns or tables. You can then run the data classification rule against the catalog source and view the classification of columns and tables in Data Governance and Catalog.
For information about creating data classifications, see the Administration help module in Metadata Command Center.

Types of data classifications

Depending on the type of data that you want to identify and classify in your organization, there are three different types of data classifications that you can create and view in your organization.

Data element classification

This is the smallest unit of data classification. It refers to the classification of columns or fields of tables or files. Data element classification labels and categorizes information contained in data elements based on the metadata extracted from source systems and the facts collected as the result of data profiling. For example, you can use data element classification to find sensitive information in columns, such as, credit card numbers, Social Security Numbers or the driver's license numbers. You can then take actions to secure access to sensitive data and set standards for data privacy in your organization.

Data entity classification

This classification identifies data entities such as purchase order, invoice, customer, location, person, or address contained in a data set. A data entity is a collection of data elements and is derived based on an inclusion scope. For example, if 'Full Name', 'Gender', 'Date of Birth', 'Email', or 'Phone #' are identified in one or more columns of a table, then that table is classified as a 'person' entity. You can use entity classifications to identify important characteristics of data and group them together as entities.

CLAIRE Generated Data Classification

This classification is powered by CLAIRE. When you select it, the system automatically generates data classifications for the data elements without the need for any human input.

View data classifications for technical assets

You can view data element classifications, data entity classifications, and generated data classifications associated with a technical asset on the asset page.
To view data classifications for technical assets, ensure that the organization administrator grants you the Read permission on data classification assets through access policies in Metadata Command Center. For more information about how administrators manage access to assets, see the Introduction and Getting Started help module.
After you run the data classification capability for a catalog source in Metadata Command Center, you can curate the data classifications in Data Governance and Catalog. For more information about curating data classifications for technical assets, see Curate data classifications for technical assets.
The following image shows the data element classifications:
Image depicting data element classification.

Curate data classifications for technical assets

If you are a data owner and you want to label or classify data into a variety of categories that are critical to your organization, you can curate data classifications in Data Governance and Catalog.
After you add the data classification rules to a catalog source and run the data classification job for the catalog source in Metadata Command Center, you can curate data classifications for the extracted technical assets in Data Governance and Catalog. When you curate data classifications, you either accept the inferred data classifications to associate them to technical assets, or decline the inferred data classification associations. You can also manually associate technical assets with one or more data classification rules that you have created. For information about creating data classifications, see the Administration help module in Metadata Command Center.
The following guidelines apply if you want to curate data classifications:

Accept or decline inferred data classifications

When you add data classification rules to a catalog source in Metadata Command Center, the system identifies the columns and tables that match the rules and displays one or more matched data classifications on the column or table asset pages in Data Governance and Catalog. If your role has the required privileges, you can see the inferred data classifications in the Accepted section of the Data Element Classifications or Data Entity Classifications panel.
The following image shows a column asset page with the inferred data element classifications that match the column data and metadata. All accepted data classification assets appear with an orange color border.
Image depicting the column asset page with accepted and declined data element classification with sensitivity label on the header.
If the data classifications inferred for the columns or tables are not suitable, you can decline the accepted data classifications from the Accepted section. The declined classifications move to the Declined section of the Data Element Classifications or Data Entity Classifications panel. The declined classification automatically changes from orange to grey color border. In the above example, three inferred data element classifications were declined for the column.

Manually associate data classifications with technical assets

If you did not add data classification rules while configuring the catalog source in Metadata Command Center, you can manually add data classifications to technical assets in Data Governance and Catalog. To manually associate data classifications with technical assets, perform one of the following actions:

Bulk accept or decline inferred and manually associated data classifications

Optionally, you can bulk accept or decline all inferred and manually associated data classifications for the column or the table. Click the action menu and select one of the options to bulk accept declined classifications or decline all accepted data classifications.
The following image shows the options for bulk accepting or declining data classifications.
Image depicting the column asset page that shows the bulk accept or decline options for the data element classifications.

View data classification assets and their details

To view details of data classifications that are associated or recommended for a technical asset, open the technical asset page, and click the name of the data classification to open the data classification asset page. You can also enter a search query to find the data classification and then open the data classification asset page from the search results.

Data entity classification

The data entity classification asset page displays the following tabs:
The following image shows the data entity classification asset page:
Image depicting the Classification Scope section.

Data element classification

The data element classification asset page displays the following tab:
The following image shows the data element classification asset page:
Image depicting the Data Element Classification asset page.

Generated classification

The generated classification asset page displays the following tab:
The Overview tab displays basic information for the generated classification.
The following table describes the properties of the Overview tab:
Field
Description
Catalog Sources
Number of catalog sources for which the classifications apply.
Total Associations
Number of technical assets from different catalog sources for which the classifications apply.
The Associations tab displays the total number of technical assets from different catalog sources that are associated with the generated classification.
The following table describes the properties of the Associations tab:
Field
Description
Name
Name of the technical asset.
Type
Type of the data element.
Associated Classifications
Number of data element classifications associated with the generated classification.
Hierarchy
Hierarchy of the technical asset from the catalog source to the smallest unit of data element.
The following image shows the generated data classifications asset page.
Image depicting the generated data classifications asset page.
A generated classification may consist of technical assets from different catalog sources.
Image depicting the tabs of generated data classification asset page.

Sensitivity label for data element classifications

Sensitivity labels in Data Governance and Catalog help you classify and protect important data in your organization. This helps an organization understand the value of its data, evaluate whether the data is at risk, and execute control measures to mitigate risks. Data classification sensitivity also helps an organization to comply with relevant industry-specific regulatory mandates.
While creating a data element classification in Metadata Command Center, you can select the sensitivity level to indicate whether an asset is sensitive or non-sensitive. For more information on creating a data element classification, see the Administration help in Metadata Command Center.
In Data Governance and Catalog, you can view the sensitivity labels for the data elements that the classification is related to. You can search and find assets based on the sensitivity level by using appropriate search queries. For more information about search query examples, see the Working With Assets help.

View sensitivity of a technical asset

To view the sensitivity of a technical asset in Data Governance and Catalog, the organization administrator must assign the following permission to you through access policies in Metadata Command Center:
By default, the sensitivity attribute has the following three levels:
Apart from the predefined sensitivity levels that are listed in this help, you might see other sensitivity levels that your organization administrator can customize exclusively for your organization in Metadata Command Center. For information about how your administrator can customize sensitivity levels, see the Administration help in Metadata Command Center.
You can view the sensitivity for data elements on various pages in Data Governance and Catalog. The following image displays the sensitivity of an asset on the asset page:
Image depicting an asset page that highlights the sensitivity badge.

Generated classifications

Use CLAIRE to automatically generate data classifications for the data elements extracted from the source system. CLAIRE can identify, analyze, and classify the data contained in the data elements without any human input.
If you enable the Generated Data Classification option in Metadata Command Center while configuring a catalog source, CLAIRE identifies and automatically generates data classifications for the data elements of that catalog source. On the technical asset page for data elements belonging to the catalog source, you can view the generated classifications.

What can I do with generated classifications

You can either promote, reject, or demote a generated classification. You can bulk export the generated classifications, make changes, and use the bulk import feature to re-import them into Data Governance and Catalog.
You can also search for generated classifications in the catalog. You can view generated classifications only if your organization administrator has granted you the Read permission on data classification assets through access policies in Metadata Command Center. For information about search query examples that you can use to search for generated classifications, see the Working with Assets help.

Promoting a generated classification

You can promote a selected generated classification to a data element classification so that it can be associated automatically with the columns in a data element. Promotion means associating generated classifications to data element classifications and also to data elements associated with generated classifications.
You can promote generated classifications only if your organization has granted you the following permissions and privileges:
To promote a generated classification, perform the following steps:
    1On the generated classification page, click Promote on the top right corner or click Promote Generated Classification option in the Promotion section to associate the generated classification with the data element classification.
    Image depicting promotion of a generated classification.
    2To promote a generated classification to associate an existing data element classification, select the data element classification from the existing list and enter the following information:
    Field
    Description
    Data Element Classification
    Name of the data element classification.
    Sensitivity
    Sensitivity of the data element classification.
    Description
    Description of the data element classification.
    3To promote a generated classification to associate with a newly created data element classification, enter the details about the new data element classification that you want to create:
    Field
    Description
    Name
    Name of the new data element classification.
    Description
    Description of the new data element classification.
    Sensitivity
    Sensitivity of the new data element classification.
    4Click Promote. A generated classification promotion job is triggered.
    5Click View Status to view the progress of the promotion job or go to the Job Monitoring page to see the job status. After a promotion job is complete, you can view the data element classification that is associated with the generated classification on the generated classification asset page.
    Note: You cannot promote or reject the generated classification while the promotion job is in progress.

Rejecting a generated classification

To remove the generated classification from the system, you can reject a generated classification. To reject a generated classification, ensure that your organization administrator enables the Curate Data Classifications privilege for Data Governance and Catalog and Manage Data Classifications privilege for Metadata Command Center.
You can reject generated classifications only if your organization has granted you the following permissions and privileges:
    bulletOn the generated classification page, click Reject on the top right corner to remove the generated classification. The generated classification is no longer discoverable in the catalog.
    Image depicting the rejection of a generated classification.

Rejecting associations from a generated classification

You can also reject a maximum of 25 associations from a generated classification at a time in any one of the following ways:
    1Select the associations you want to reject. Click Reject from the selection list. You can reject multiple associations.
    2Select the association you want to reject. Clear the selected associations from the Generated Classifications section on the asset page. You can only remove one selected association.
    Image depicting rejection of multiple associations.
    Note: You can remove the associations even after the generated classification is promoted.

Demoting a generated classification

To remove the association of the generated classification with the data element classification, you can demote a generated classification.
You can demote generated classifications only if your organization has granted you the following permissions and privileges:
You can run a demotion job only after the promotion job of the generated classification is complete. A demotion job is triggered when you remove the association of the data element classification with the generated classification.
    1 View the promoted generated classification in the generated classification asset page.
    2Clear the data element classification to remove the association of the generated classification with the data element classification. When you clear the entry, the classification is no longer promoted.
    Note: When you clear the created classification, the classification is discoverable, but it is no longer promoted as the mentioned classification.
    Image depicting demotion of a generated classification.

Example of promoting, demoting and rejecting a generated classification

Let us assume you are a user who wants to promote a generated classification. In this example, if City is the generated classification for columns C1, C3, C4, and C6 in a table and you promote this generated classification as USA City, then the columns C1, C3, C4, and C6 have the values as USA City. If you run a generated classification job and want to add columns C7 and C9 to the same table later, you can promote these columns as USA City.
When you want to add newer columns, C10 and C11 to the table and do not want to promote the new columns as USA City, you can demote the generated classification. After you demote the USA city classification, the columns C10 and C11 no longer have the values as USA City. You can again promote these new columns with a new generated classification. However, the columns C1, C3, C4, C6, C7, and C9 still have generated classification values as USA City.
If you do not want the generated classification to be found in the system, you can reject it. In this situation, none of the columns remain associated with the generated classification that is rejected.

Lifecycle of a generated classification

The following image shows the generated classification process workflow:
Image depicting the generated classification process workflow.

Viewing generated classification on the Asset page

Click the technical asset in the Associations tab of the generated classification asset page to view the generated classification on the Overview tab of the Asset page.
After a generated classification is promoted, the Data Elements Classifications section displays the data element that is associated with the generated classification.
Note: You cannot view the generated classification in the Generated Classifications section on the Asset page, after you promote a generated classification.
Image depicting generated classification on the asset page.